Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 4f74d72aa7067e75af92fbab077e6d7d0210be66 / . / crypto / asymmetric_keys / Kconfig
blob: f3702e533ff41044694625aad813abc58b8af4dd [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +0100[diff] [blame]1# SPDX-License-Identifier: GPL-2.0
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]2menuconfig ASYMMETRIC_KEY_TYPE
David Howells99716b72016-04-06 16:14:26 +0100[diff] [blame]3 bool "Asymmetric (public-key cryptographic) key type"
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]4 depends on KEYS
5 help
6 This option provides support for a key type that holds the data for
7 the asymmetric keys used for public key cryptographic operations such
8 as encryption, decryption, signature generation and signature
9 verification.
10
11if ASYMMETRIC_KEY_TYPE
12
David Howellsa9681bf2012-09-21 23:24:55 +0100[diff] [blame]13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14 tristate "Asymmetric public-key crypto algorithm subtype"
15 select MPILIB
Dmitry Kasatkin3fe78ca2013-05-06 15:58:15 +0300[diff] [blame]16 select CRYPTO_HASH_INFO
Arnd Bergmannbad6a182016-05-18 16:55:56 +0200[diff] [blame]17 select CRYPTO_AKCIPHER
David Howellsa9681bf2012-09-21 23:24:55 +0100[diff] [blame]18 help
19 This option provides support for asymmetric public key type handling.
20 If signature generation and/or verification are to be used,
21 appropriate hash algorithms (such as SHA-1) must be available.
22 ENOPKG will be reported if the requisite algorithm is unavailable.
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]23
David Howellsc26fd692012-09-24 17:11:48 +0100[diff] [blame]24config X509_CERTIFICATE_PARSER
25 tristate "X.509 certificate parser"
26 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
27 select ASN1
28 select OID_REGISTRY
29 help
David Howells45206982014-07-08 17:21:01 +0100[diff] [blame]30 This option provides support for parsing X.509 format blobs for key
David Howellsc26fd692012-09-24 17:11:48 +0100[diff] [blame]31 data and provides the ability to instantiate a crypto key from a
32 public key packet found inside the certificate.
33
David Howells2e3fadb2014-07-01 16:40:19 +0100[diff] [blame]34config PKCS7_MESSAGE_PARSER
35 tristate "PKCS#7 message parser"
36 depends on X509_CERTIFICATE_PARSER
37 select ASN1
38 select OID_REGISTRY
39 help
40 This option provides support for parsing PKCS#7 format messages for
41 signature data and provides the ability to verify the signature.
42
David Howells22d01af2014-07-01 19:06:18 +0100[diff] [blame]43config PKCS7_TEST_KEY
44 tristate "PKCS#7 testing key type"
David Howellse68503b2016-04-06 16:14:24 +0100[diff] [blame]45 depends on SYSTEM_DATA_VERIFICATION
David Howells22d01af2014-07-01 19:06:18 +0100[diff] [blame]46 help
47 This option provides a type of key that can be loaded up from a
48 PKCS#7 message - provided the message is signed by a trusted key. If
49 it is, the PKCS#7 wrapper is discarded and reading the key returns
50 just the payload. If it isn't, adding the key will fail with an
51 error.
52
53 This is intended for testing the PKCS#7 parser.
54
David Howells26d1164b2014-07-01 16:02:51 +0100[diff] [blame]55config SIGNED_PE_FILE_VERIFICATION
56 bool "Support for PE file signature verification"
57 depends on PKCS7_MESSAGE_PARSER=y
David Howellse68503b2016-04-06 16:14:24 +0100[diff] [blame]58 depends on SYSTEM_DATA_VERIFICATION
David Howells26d1164b2014-07-01 16:02:51 +0100[diff] [blame]59 select ASN1
60 select OID_REGISTRY
61 help
62 This option provides support for verifying the signature(s) on a
63 signed PE binary.
64
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]65endif # ASYMMETRIC_KEY_TYPE